BA Investigating Theft of Personal and Financial Data
#1081
Join Date: Oct 2015
Location: LON/PEK
Programs: BA Silver; LH FTL; IHG Spire; Marriott Gold; Radisson Gold; ALL Silver; Hertz 5*; Starbucks Gold!
Posts: 1,610
Snag is that I'm still waiting for them to *post* me a password. Not sure why that's necessary, but there you go. Has anyone received their password via snail mail?
#1082
Join Date: Sep 2014
Location: Netherlands
Programs: AF/KL, LH, BA, Accor, Hilton, IHG, HERTZ, Avis
Posts: 22
Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.
I spent valuable time on replacing cards (as suggested per Dutch AMEX) and reconfirming hotels and other bookings for which the card served as guarantee etc etc.
#1083
Join Date: May 2010
Location: Scotland
Programs: BA Exec Club (Bronze)
Posts: 325
I got an email today from them along the lines of "We notice you haven't started using the service yet - click here to log in".
Snag is that I'm still waiting for them to *post* me a password. Not sure why that's necessary, but there you go. Has anyone received their password via snail mail?
#1084
Join Date: Nov 2010
Posts: 5,138
I have set up the account, but speaking to Experian it seems BA is only paying for 1 address. They say as the others are linked they will be ok. Now to sort out Mrs rapidex who is in the same boat with her card.
#1085
Join Date: May 2016
Location: London
Programs: BAEC Silver; IHG Platinum Ambassador
Posts: 275
#1086
Ambassador: World of Hyatt
Join Date: Mar 2002
Location: UK - the nearest airport is named after a motorway !
Posts: 4,083
Send the ICO’s request for information to the dpo email address. If they don’t respond within 30 days, lodge a complaint as an individual with the ICO about loss of personal data.
If you feel that the emails already received highlighting what they think was stolen is the full and final response then skip the first step and just lodge a complaint anyway. We all need to do this.
Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
#1087
Join Date: Dec 2016
Programs: BAEC GGL/CR; Hilton Diamond; Mucci des Puccis
Posts: 3,780
Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.
The problem with these rhetorical positions on why BA owe you something is that they have no legal force. You might be able to claim for time (though this hasn't cost me any of that, I followed the AMEX instructions to do nothing). The ambulance chasers are suggesting mental anguish (didn't suffer from that myself). There might be, when the GDPR fine position is clearer, some gesture from BA, but you're in no more danger than if you forget to select the "private" option on the electoral roll.
#1088
Join Date: May 2006
Location: 5 miles from EMA
Programs: BD, BAEC Pleb, VS Pleb, Accor Pleb, HHonors Gold, Big White Season Pass
Posts: 5,641
Apologies for being stupid/lazy, but what is 'the ICO’s request for information'? I'd very much like to cause BA some grief over this, but don't know where/how to start - your suggestion seems to be well-informed, but what exactly should I send to the dpo address? I'm happy to put this into the wiki if someone can give step by step instructions.
Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
The template to use is referenced upthread somewhere
#1089
Join Date: May 2010
Location: Oxon, UK
Programs: Mucci des canapes, Skywards Gold, BAEC Gold, IC Plat Amb, Accor Gold
Posts: 1,914
Well I have signed up for the class action. If BA come forward with an offer that shows they have taken this seriously within the next 14 days I will take advantage of the cooling off period and withdraw my registration. If not it will be interesting to see how they do in court.
Last edited by pomkiwi; Sep 19, 18 at 7:50 am
#1090
Join Date: Jul 2016
Programs: BA, Etihad
Posts: 51
Apologies for being stupid/lazy, but what is 'the ICO’s request for information'? I'd very much like to cause BA some grief over this, but don't know where/how to start - your suggestion seems to be well-informed, but what exactly should I send to the dpo address? I'm happy to put this into the wiki if someone can give step by step instructions.
Like DYKWIA, I think that now this has dropped off mainstream media, BA will do nothing *unless forced*...
#1091
FlyerTalk Evangelist
Join Date: Mar 2014
Location: CDG,JAX
Programs: UA 1K, DL PM
Posts: 10,232
#1093
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 55,171
Welcome to Flyertalk and welcome to the BA forum, CharlesTheTog, it's good to see you here and I hope we see more of you. From what I can make out, refunds - or non charges - were made to people with particular circumstances in play - for example they cancelled the card and cancelled recent BA transactions on the card. BA could pursue the cardholder but have elected not to do so. Section 75 of the Consumer Credit Act provides a remedy for breach of contract or misrepresentation.
#1094
Join Date: Aug 2015
Location: London, UK
Programs: BAEC Gold
Posts: 1,538
#1095
Join Date: Sep 2008
Location: ANR, BELGIUM
Programs: JE SUIS EXTRAORDINAIRE
Posts: 399
Got the below by mail from BA today (based in Belgium), in response to what details could have been compromised.
In addition also got another mail about trying to claim tp & avios (which I never did).
Don't know where this is heading, did anyone else outside UK get calls or mails?
**Please DO NOT reply directly to this email by using the ‘reply’ function on your personal email settings, as it WILL NOT be received. If you wish to send us a reply please use the link at the bottom of the email**

Dear Mr Diamantaire
Thanks for getting in touch about the recent data theft and please accept my apologies for any inconvenience or concern this may have caused you. Please accept my apology for the delay in responding.
Our investigations to date confirm the theft occurred from 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive. Accordingly, you would only be affected by this if you made, or changed, a booking during this time on ba.com or the mobile app. We want to reassure you that our website and mobile app are now working normally.
The personal information compromised includes name, billing address, email address and all payment card information. This includes your card number, expiry date and CVV. No passport or travel details were stolen. As we wrote to you previously, unfortunately this information could be used to conduct fraudulent transactions using your bank or credit card account. Any passengers on the booking who have payment cards saved with us are not impacted, unless their card was used to make payment for the booking between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018 inclusive.
If you have noticed a fraudulent transaction on your card, in the first instance, please contact your bank or credit card provider and follow their recommended advice.
It’s important you’re not out of pocket as a consequence of the data theft so we have partnered with the banks and credit card providers to ensure you are reimbursed as swiftly as possible. In the first instance, the card provider should be your point of contact to analyse any suspicious payments and make sure you get any funds re-credited as quickly as possible. If you have any incidental costs which are not covered, you should contact us in writing. In order for us to review your claim, please provide us with the following details:
• The booking reference created between 22:58 (BST) on 21 August 2018 until 21:45 (BST) on 05 September 2018.
• The actual date you made your booking.
• The email address and contact number in the booking that was created.
• Any receipts and/or bank statements to support your claim.
Additionally, please could you confirm that you are not making a claim with your bank, credit card provider or any insurance policy you may hold for these same incidental expenses.
You can send us your information by email or post using the following details:
[email protected]
British Airways Plc
Customer Relations
PO Box 286118
28361 Bremen
Germany
Please accept our deepest apologies for any inconvenience caused by the criminal activity. We’ll be in touch with you when we’ve received your information. If you have any questions about this, you can reply to this email directly using the blue link below.
I look forward to hearing from you soon.
Best regards
NAME OF CUST SERVICE AGENT
British Airways Customer Relations
Your case reference is: *******
Please use the following link to send us a reply and quote your case reference ********** in any correspondence with us: replyto.me.ba
**Please do not send payment card details via email**
**************************
OTHER CONTACT INFORMATION
**************************
If you have a general query about British Airways or your journey with us, you can ask your question online:
http://www.ba.com/yourquestions
**************************
LEGAL INFORMATION
**************************
This email was sent to you by British Airways Plc - Waterside, Speedbird Way, Harmondsworth, UB7 0GB, United Kingdom. (To find out more, click here www.ba.com/aboutba)
This email is intended solely for the addressee(s) and the information it contains is confidential. If you are not the intended recipient (a) please delete the email and inform the sender as soon as possible, and (b) any copying, distribution or other action taken or omitted to be taken in reliance upon it is prohibited and may be unlawful.
This message is private and confidential and may also be legally privileged. If you have received this message in error, please email it back to the sender and immediately permanently delete it from your computer system. Please do not read, print, re-transmit, store or act in reliance on it or any attachments. British Airways may monitor email traffic data and also the content of emails, where permitted by law, for the purposes of security and staff training and in order to prevent or detect unauthorised use of the British Airways email system. Virus checking of emails (including attachments) is the responsibility of the recipient. British Airways Plc is a public limited company registered in England and Wales. Registered number: 1777777. Registered office: Waterside, PO Box 365, Harmondsworth, West Drayton, Middlesex, England, UB7 0GB. Additional terms and conditions are available on our website: www.ba.com
Last edited by diamantaire; Sep 20, 18 at 7:00 am